Passing the Baton

April 26, 2017

Today we are handing over future maintenance of grsecurity test
patches to the community. This makes grsecurity for Linux 4.9 the last
version Open Source Security Inc. will release to non-subscribers.

Grsecurity development and maintenance will accelerate. We will
continue to stay on top of the latest Linux kernel developments,
track daily git commits, and maintain internal patches for the
latest kernel releases. We are fast-tracking the integration of our
next generation technologies into grsecurity.

The dedicated maintenance of a security-centric codebase provides the
Linux community a unique opportunity to gain experience in kernel
security, fostering a new generation of security minds.

We are grateful to those who have contributed code to grsecurity over
the years. Directly, this includes Mathias Krause, Zbyniu Krzystolik,
Rodrigo Branco, Corey Minyard, and Enrico Perla. Indirectly, this
includes all the work done by Peter Busser in the former Adamantix
project (including most of the code in paxtest), all of the mostly
under-appreciated and uncredited work by Gentoo Hardened to push
through widespread use of PIE and fixing userland to handle the
stricter memory defenses of PaX (which SELinux and others were later
able to benefit from). Specifically, we'd like to thank Mike
Frysinger, Anthony Basile, Ned Ludd, Peter S. Mazinger, and Alexander
Gabert for their Gentoo Hardened work and forum user meev0 for the
majority of the grsecurity wiki.

Finally, our heartfelt gratitude to the users who have supported our
public work through donations or otherwise over the past 16 years.

For more information regarding this announcement, we've provided a
FAQ. We remain completely dedicated to our customers who support
our work. Open Source Security Inc., a Pennsylvania Corporation,
provides grsecurity stable patch subscription services, professional
support, and custom security development services.

About grsecurity

grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration.